|Max Mehl 18c201dbd8||1 month ago|
|.reuse||1 year ago|
|LICENSES||1 year ago|
|admin||10 months ago|
|inventory@50ead07987||3 months ago|
|ssh-data@837cedfaae||1 month ago|
|tasks||10 months ago|
|.drone.yml||12 months ago|
|.gitignore||1 year ago|
|.gitmodules||1 year ago|
|Pipfile||11 months ago|
|Pipfile.license||12 months ago|
|Pipfile.lock||11 months ago|
|Pipfile.lock.license||12 months ago|
|README.md||10 months ago|
|admin.py||1 year ago|
|ansible.cfg||1 year ago|
|playbook.yml||10 months ago|
|renovate.json||1 year ago|
|renovate.json.license||1 year ago|
|utils.py||1 year ago|
SSH Key Distributor
Providing a simple way to ensure the presence (or absence) of public SSH keys on a set of systems (user-host-combinations) according to profiles.
If you want to run this directly using Python or develop the tool further, first execute the following commands to get started with pipenv. Make sure you're using at least Python 3.9
pip install --user pipenv pipenv install
then you should initialise the
ssh-data submodules where all
the FSFE-specific data is stored.
git submodule update --init --remote inventory git submodule update --init --remote ssh-data
finally run to start the UI:
pipenv run python admin.py
and open http://localhost:5000/admin. There you'll find instructions on how to proceed. It boils down to the following:
Configure keys and the systems to which they have access. This project uses the following concept to ease configuration:
Systems are user-host-combinations, e.g.
firstname.lastname@example.org. For each system the location of its authfile needs to be specified, e.g.
Profiles are simply a utility. They allow the user to specify which keys have access to which system in a more straightforward way than adding every key to every system individually. One can for example specify an
admingroup which has access to all root accounts on all hosts. Then adding a new key that is supposed to have this level of access can just be added to the
Keys are simply public SSH keys. They consist of a keytype (e.g.
ed25519), the keystring, a comment and an option.
Once everything is configured correctly, you can generate the variables that the Ansible playbook at the root of this project needs in order to carry out its function, i.e. updating all the
~/.ssh/authorized_keysfiles on all hosts. Generate the needed Ansible configuration files by clicking the button labelled
Generate Ansible Config.
At this point, All that is left to do is to deploy all the keys via a slim ansible playbook using the command below:
pipenv run ansible-playbook playbook.yml
A simple data model with three tables (
system) and two
association tables (
A pre-deployment python script which creates and the
correct variables for each host and the contents of the
keystringfiles directory. This script is called from
the homepage of the UI, i.e.
/admin by clicking the aforementioned button.